Details
-
Change Request
-
Resolution: Unresolved
-
Medium
-
Interoperable Digital Identity and Patient Matching (FHIR)
-
current
-
Patient Administration
-
Patient Matching
-
4.2
Description
Please clarify this requirement: "As a best practice, identity verification SHOULD be at a minimum of IAL2 or LoA-3 for professionals who are end users of health IT systems and for an implementer’s overall operations.":
- This is on the Patient Matching page. Is it only meant for the requester of a patient match, or is it for any possible FHIR request?
- Is this a suggestion to the requesting organization to ID proof the person to this level when they provision them as a user, or to the responding system to reject a FHIR request if an identity verification level is asserted that is under these levels?